Bug 3187 - "Fancy" ping6's ICMPv6 echo requests are malformed and do not generate replies from OS X, iOS hosts
Summary: "Fancy" ping6's ICMPv6 echo requests are malformed and do not generate replie...
Status: RESOLVED FIXED
Alias: None
Product: Busybox
Classification: Unclassified
Component: Networking (show other bugs)
Version: 1.18.x
Hardware: All Linux
: P5 normal
Target Milestone: ---
Assignee: unassigned
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2011-02-02 05:23 UTC by Wes Campaigne
Modified: 2011-02-07 14:18 UTC (History)
2 users (show)

See Also:
Host:
Target:
Build:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Wes Campaigne 2011-02-02 05:23:00 UTC 
When ping6 is built with FEATURE_FANCY_PING set, echo requests sent to OS X and iOS based hosts do not generate replies consistently.

The problem is the value of icmp6_code: RFC 4443 specifies it as 0, and both OS X and iOS actually check that, and only send an echo reply if it was in fact 0. (Other OSes are more permissive.)

For some reason, BusyBox's sendping6 function (networking/ping.c, line ~400) has all the lines that would set a value of 0 for icmp6_code in its requests commented out. The code field and most of the rest of the packet is uninitialized memory (ie random data).

The function also doesn't actually calculate or set the checksum value for the ICMPv6 header, but it's the non-zero code field that is causing the issue with Apple OSes.

(Testing was done with BusyBox 1.18.2 on TomatoUSB, K26)
Comment 1 Denys Vlasenko 2011-02-05 02:50:07 UTC 
The fix appears to be:

 static void sendping6(int junk UNUSED_PARAM)
 {
-       struct icmp6_hdr *pkt = alloca(datalen + sizeof(struct icmp6_hdr) + 4);
+       struct icmp6_hdr *pkt = G.snd_packet;


Can you confirm that it works?
Comment 2 Denys Vlasenko 2011-02-07 14:18:41 UTC 
Fixed in git and will go into 1.18.3